安全分析报告:
安全分数
安全分数 45/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
2
用户/设备跟踪器
调研结果
高危
5
中危
15
信息
1
安全
2
关注
3
高危 Activity (cn.com.chinastock.YinHeZhangTing.wxapi.WXEntryActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: cn/com/chinastock/chinastockopenaccount/plugin/config/EUExConfig.java, line(s) 19
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/anychat/aiselfopenaccountsdk/BuildConfig.java, line(s) 3,6 com/anychat/aiselfrecordsdk/BuildConfig.java, line(s) 3,5 com/bairuitech/anychat/videobanksdk/BuildConfig.java, line(s) 3,8
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: cn/com/chinastock/YinHeZhangTing/WebActivity.java, line(s) 120,10,11
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: cn/com/chinastock/chinastockopenaccount/a.java, line(s) 56,54
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity设置了TaskAffinity属性
(cn.com.chinastock.YinHeZhangTing.wxapi.WXEntryActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity (cn.com.chinastock.YinHeZhangTing.wxapi.WXEntryActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: cn/com/chinastock/chinastockopenaccount/plugin/config/EUExConfig.java, line(s) 9 com/anychat/aiselfopenaccountsdk/component/model/ComponentField.java, line(s) 32 com/anychat/aiselfopenaccountsdk/model/business/BusinessDataField.java, line(s) 7 com/anychat/aiselfopenaccountsdk/model/business/BusinessField.java, line(s) 32 com/anychat/aiselfopenaccountsdk/model/business/BusinessRequestField.java, line(s) 18 com/anychat/aiselfopenaccountsdk/model/business/BusinessResponseField.java, line(s) 24 com/anychat/aiselfopenaccountsdk/util/business/QualityItemUtil.java, line(s) 22 com/anychat/aiselfrecordsdk/component/model/ComponentField.java, line(s) 47 com/anychat/aiselfrecordsdk/config/BusinessDialogMessageType.java, line(s) 4,17,24 com/anychat/aiselfrecordsdk/model/business/BusinessRequestField.java, line(s) 17 com/anychat/aiselfrecordsdk/model/business/BusinessResponseField.java, line(s) 32 com/anychat/aiselfrecordsdk/util/business/QualityItemUtil.java, line(s) 28 com/bairuitech/anychat/main/AnyChatSDK.java, line(s) 986,523 com/bairuitech/anychat/videobanksdk/common/basicutils/encrypt/BRRSAUtils.java, line(s) 21,22 com/idsmanager/keyboardlibrary/keyboard/RandomKeyboardUtil.java, line(s) 23 o2/g.java, line(s) 53 r2/f.java, line(s) 36 r2/q.java, line(s) 87 r2/y.java, line(s) 79
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: cn/cloudwalk/libproject/util/HuaXiaProcessor.java, line(s) 124 cn/cloudwalk/util/LoggerUtil.java, line(s) 205 cn/cloudwalk/util/Util.java, line(s) 19,14 cn/com/chinastock/chinastockopenaccount/plugin/anychat/doublevideo/DoubleVideoCertificationActivity.java, line(s) 224 cn/com/chinastock/chinastockopenaccount/plugin/anychat/doublevideo/DoubleVideoCertificationActivityEx.java, line(s) 218 cn/com/chinastock/chinastockopenaccount/plugin/chinastockcamera/ChinastockCameraPlusActivity.java, line(s) 99 cn/com/chinastock/chinastockopenaccount/plugin/image/EUExImage.java, line(s) 147 cn/com/chinastock/chinastockopenaccount/plugin/pdf/PdfActivity.java, line(s) 100 cn/com/chinastock/chinastockopenaccount/plugin/singlevideo/SingleVideoActivity.java, line(s) 167 com/anychat/aiselfopenaccountsdk/util/Base64BitmapUtil.java, line(s) 176,190 com/anychat/aiselfopenaccountsdk/util/Base64ToFileUtils.java, line(s) 37,63 com/anychat/aiselfopenaccountsdk/util/FileUtils.java, line(s) 305,330,342 com/anychat/common/util/Base64BitmapUtil.java, line(s) 176,190 com/anychat/common/util/Base64ToFileUtils.java, line(s) 32,58 com/anychat/common/util/FileUtils.java, line(s) 311,366,381 com/anychat/imagepicker/activity/ImagePickerActivity.java, line(s) 175 com/anychat/imagepicker/cardcamera/CameraActivity.java, line(s) 54 com/anychat/imagepicker/utils/FileUtils.java, line(s) 78,67,78,87,91,95,112,113 com/bairuitech/anychat/main/AnyChatSDK.java, line(s) 201 com/bairuitech/anychat/record/AnyChatRecordOpt.java, line(s) 35 com/bairuitech/anychat/record/AnyChatSnapshotOpt.java, line(s) 7 com/bairuitech/anychat/util/AnyChatImageUtils.java, line(s) 144,228 com/bairuitech/anychat/videobanksdk/business/imagepicker/activity/ImagePickerActivity.java, line(s) 175 com/bairuitech/anychat/videobanksdk/business/imagepicker/cardcamera/CameraActivity.java, line(s) 62 com/bairuitech/anychat/videobanksdk/business/imagepicker/utils/FileUtils.java, line(s) 68,57,68,77,81,85,102,103 com/bairuitech/anychat/videobanksdk/common/basicutils/BRFileUtils.java, line(s) 80,93,117 l2/d.java, line(s) 54,59,54
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/anychat/aiselfopenaccountsdk/util/business/AnyChatBusiness.java, line(s) 10 com/anychat/aiselfopenaccountsdk/view/SpeechShowView.java, line(s) 30 com/anychat/aiselfrecordsdk/component/BRAiSelfRecordSDK.java, line(s) 36 com/anychat/aiselfrecordsdk/util/RecordViewUtil.java, line(s) 17 com/anychat/aiselfrecordsdk/util/business/AnyChatBusiness.java, line(s) 10 com/anychat/aiselfrecordsdk/view/AnyChatAIComponentManager.java, line(s) 33 com/anychat/common/record/BRRecordModule.java, line(s) 32 com/bairuitech/anychat/videobanksdk/common/businessrequest/BRBusinessRequestManager.java, line(s) 10 com/bairuitech/anychat/videobanksdk/common/login/BRLoginModule.java, line(s) 14 com/networkbench/nbslens/nbsnativecrashlib/j.java, line(s) 12
中危 IP地址泄露
IP地址泄露 Files: com/anychat/aiselfopenaccountsdk/model/FaceEnvironment.java, line(s) 6 com/anychat/aiselfopenaccountsdk/util/TtsPlayHelper.java, line(s) 489 com/anychat/aiselfrecordsdk/model/FaceEnvironment.java, line(s) 9 com/anychat/common/ai/tts/TtsDownloadModule.java, line(s) 107 f2/a.java, line(s) 73,70
中危 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: cn/cloudwalk/util/RootUtil.java, line(s) 138,133
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: a0/e.java, line(s) 371 com/anychat/aiselfopenaccountsdk/util/Base64ToFileUtils.java, line(s) 17 com/anychat/aiselfopenaccountsdk/util/FileUtils.java, line(s) 315 com/anychat/common/util/Base64ToFileUtils.java, line(s) 12 com/anychat/common/util/FileUtils.java, line(s) 351 com/bairuitech/anychat/AnyChatUtils.java, line(s) 89
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: cn/cloudwalk/util/net/HttpManager.java, line(s) 68 f2/a.java, line(s) 62
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: cn/com/chinastock/YinHeZhangTing/WebActivity.java, line(s) 122,124,126,128,130,132,134,136,138,140,142,144,146,115 cn/com/chinastock/chinastockopenaccount/a.java, line(s) 188,280
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: cn/com/chinastock/YinHeZhangTing/WebActivity.java, line(s) 116,115 cn/com/chinastock/chinastockopenaccount/a.java, line(s) 182,280
中危 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 百度地图的=> "com.baidu.lbsapi.API_KEY" : "aWqST2mjWhQot9XRYegpAqRpUIpVo8zM" 8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3 jzytandroid1qaz2wsx3edc4rfv5tgb6 787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498 44656C69766572792D646174653A 63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A 28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93 fc519484f3044c17a8753c5c6a7a7375 8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7 32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7 421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D 0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2 BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a0/e.java, line(s) 622,623 a1/a.java, line(s) 245,1110,1155,1162,894,907,957,1565,1602,1674 a4/a.java, line(s) 202 c/g.java, line(s) 173 c/j.java, line(s) 373,390,808,810,813,417,1222,1345,1348 c/k.java, line(s) 53 c/r.java, line(s) 29,43,54 c3/a.java, line(s) 63,142,147,152,71,143,148,153 c3/i.java, line(s) 43,44 cn/cloudwalk/libproject/camera/FaceTrackPreview.java, line(s) 169,181 cn/cloudwalk/libproject/camera/gl/AFilter.java, line(s) 64 cn/cloudwalk/libproject/camera/gl/Gl2Utils.java, line(s) 132 cn/cloudwalk/libproject/sdk/FaceClipSdk.java, line(s) 78 cn/cloudwalk/libproject/view/RoundMaskView.java, line(s) 575 cn/cloudwalk/s.java, line(s) 247 cn/cloudwalk/util/FpsUtil.java, line(s) 54 cn/cloudwalk/util/LoggerUtil.java, line(s) 170,183,196,246,259 cn/cloudwalk/util/Logs.java, line(s) 12,18,24,30 cn/cloudwalk/util/net/HttpManager.java, line(s) 264,289 cn/com/chinastock/chinastockopenaccount/plugin/anychat/ChinastockAnyChatActivity.java, line(s) 120,151,426,460 cn/com/chinastock/chinastockopenaccount/plugin/anychat/EUExAnyChat.java, line(s) 138 cn/com/chinastock/chinastockopenaccount/plugin/anychat/doublevideo/DoubleVideoCertificationActivity.java, line(s) 362 cn/com/chinastock/chinastockopenaccount/plugin/anychat/doublevideo/DoubleVideoCertificationActivityEx.java, line(s) 335 com/anychat/aiselfopenaccountsdk/activity/AiSelfRecordVerifyActivity.java, line(s) 1136,1145,1154 com/anychat/aiselfopenaccountsdk/fragment/SpeechFragment.java, line(s) 394,610 com/anychat/aiselfopenaccountsdk/util/FileUtils.java, line(s) 204,222,228 com/anychat/aiselfopenaccountsdk/util/RecordViewUtil.java, line(s) 43,61,111 com/anychat/aiselfopenaccountsdk/util/TtsPlayHelper.java, line(s) 219,231 com/anychat/aiselfopenaccountsdk/util/UIAction.java, line(s) 80,94 com/anychat/aiselfopenaccountsdk/util/VolumeUtils.java, line(s) 28 com/anychat/aiselfopenaccountsdk/util/ai/FaceCompareUtil.java, line(s) 146,151,249,265,288,346 com/anychat/aiselfopenaccountsdk/util/ai/FaceDetectUtil.java, line(s) 92,97,290 com/anychat/aiselfopenaccountsdk/util/business/BusinessDialogManager.java, line(s) 510,543,579 com/anychat/aiselfopenaccountsdk/util/business/LogUtils.java, line(s) 21,35,49,54,66,72 com/anychat/aiselfopenaccountsdk/util/speech/SpeechRuleUtil.java, line(s) 36,37,56,57,84,98,109,134,146,192,193 com/anychat/aiselfopenaccountsdk/view/FaceDetectRoundView.java, line(s) 103,110 com/anychat/aiselfopenaccountsdk/view/RecordVideoShowView.java, line(s) 119,128,403,408,421,427,436,478,483,496,502,525,193,194 com/anychat/aiselfopenaccountsdk/view/RecordViewUtil.java, line(s) 44,62,112 com/anychat/aiselfrecordsdk/activity/CompleteRecordActivity.java, line(s) 318,319 com/anychat/aiselfrecordsdk/activity/RecordVerifyActivity.java, line(s) 904 com/anychat/aiselfrecordsdk/component/BRAiSelfRecordSDK.java, line(s) 344,351 com/anychat/aiselfrecordsdk/fragment/DigitalFragment.java, line(s) 247,360,374 com/anychat/aiselfrecordsdk/util/RecordViewUtil.java, line(s) 69,118 com/anychat/aiselfrecordsdk/util/UIAction.java, line(s) 82,96 com/anychat/aiselfrecordsdk/util/VolumeUtils.java, line(s) 28 com/anychat/aiselfrecordsdk/util/permission/CscPermissionUtils.java, line(s) 33,43,50 com/anychat/aiselfrecordsdk/view/FaceDetectRoundView.java, line(s) 103,110 com/anychat/aiselfrecordsdk/view/IdScanView.java, line(s) 151,152,154,158 com/anychat/aiselfrecordsdk/view/RecordVideoShowView.java, line(s) 120,129,446,451,464,470,479,520,525,538,544,567,194,195 com/anychat/common/speech/SpeechCharDispose.java, line(s) 16,21 com/anychat/common/speech/SpeechRuleUtil.java, line(s) 59,60,87,101,112,137,149,179,201,202,238,271,286 com/anychat/common/speech/SplitSpeechUtil.java, line(s) 49,50,56,62,70,77,115,150,170,190,275,295 com/anychat/common/util/FileUtils.java, line(s) 332,336,503,512,415,210,228,234 com/anychat/common/util/LogUtils.java, line(s) 20,34,48,53,65,71 com/anychat/common/util/UIAction.java, line(s) 83,97 com/anychat/enviroment/activity/AiSelfEnviromentDetectActivity.java, line(s) 277,519 com/anychat/imagepicker/cardcamera/AutoFocusManager.java, line(s) 58,85,88,102 com/anychat/imagepicker/cardcamera/CameraPreview.java, line(s) 106,166,214 com/anychat/imagepicker/cardcamera/SensorControler.java, line(s) 64,144 com/anychat/imagepicker/utils/ImageUtils.java, line(s) 69 com/anychat/imagepicker/view/cropper/CropOverlayView.java, line(s) 289,353,380,381,397,406,449,450,472 com/bairuitech/anychat/AnyChatCertHelper.java, line(s) 54,68,82,96,110,141,158,208,230 com/bairuitech/anychat/AnyChatGLUtil.java, line(s) 24,44 com/bairuitech/anychat/AnyChatShareScreenHelper.java, line(s) 568,632,692,986,996,105,332,204,483 com/bairuitech/anychat/VideoRenderer.java, line(s) 150 com/bairuitech/anychat/detachableservice/AnyChatDetachableService.java, line(s) 41,47,56,58,67,69,70,92,94,135 com/bairuitech/anychat/main/AnyChatJournal.java, line(s) 30,38,34,36 com/bairuitech/anychat/main/AnyChatSDK.java, line(s) 425,577,331,337 com/bairuitech/anychat/record/recordtag/AnyChatRecordTagData.java, line(s) 78 com/bairuitech/anychat/util/AnyChatImageUtils.java, line(s) 153 com/bairuitech/anychat/videobanksdk/AnyChatVideoBankSDK.java, line(s) 41,46,233,238,249 com/bairuitech/anychat/videobanksdk/business/floatwindow/FloatWindowParamManager.java, line(s) 195,208,66,80,270 com/bairuitech/anychat/videobanksdk/business/floatwindow/FloatWindowService.java, line(s) 65 com/bairuitech/anychat/videobanksdk/business/floatwindow/basefloat/AbsFloatBase.java, line(s) 105,123,138 com/bairuitech/anychat/videobanksdk/business/floatwindow/basefloat/FollowTouchView.java, line(s) 54,119 com/bairuitech/anychat/videobanksdk/business/floatwindow/basefloat/SystemHelper.java, line(s) 75 com/bairuitech/anychat/videobanksdk/business/imagepicker/activity/ImagePickerActivity.java, line(s) 357,380 com/bairuitech/anychat/videobanksdk/business/imagepicker/cardcamera/AutoFocusManager.java, line(s) 31,59,86,89,103 com/bairuitech/anychat/videobanksdk/business/imagepicker/cardcamera/CameraActivity.java, line(s) 187 com/bairuitech/anychat/videobanksdk/business/imagepicker/cardcamera/CameraPreview.java, line(s) 106,166,213 com/bairuitech/anychat/videobanksdk/business/imagepicker/cardcamera/SensorControler.java, line(s) 64,143 com/bairuitech/anychat/videobanksdk/business/imagepicker/utils/FileUtils.java, line(s) 22,47 com/bairuitech/anychat/videobanksdk/business/imagepicker/utils/ImageUtils.java, line(s) 60,76,41 com/bairuitech/anychat/videobanksdk/business/imagepicker/view/cropper/CropOverlayView.java, line(s) 291,358,385,386,402,411,454,455,477 com/bairuitech/anychat/videobanksdk/business/queue/view/BRWaitAnimateView.java, line(s) 83 com/bairuitech/anychat/videobanksdk/business/smartplay/utils/SpeechRuleUtil.java, line(s) 80,110,154,169 com/bairuitech/anychat/videobanksdk/business/videochat/controller/BRVideoChatController.java, line(s) 128,249,934 com/bairuitech/anychat/videobanksdk/business/videochat/view/BRRecordVideoActivity.java, line(s) 616,819 com/bairuitech/anychat/videobanksdk/common/basicutils/AnyChatOpenFileUtil.java, line(s) 60 com/bairuitech/anychat/videobanksdk/common/basicutils/BRFileUtils.java, line(s) 87,134,144,155 com/bairuitech/anychat/videobanksdk/common/basicutils/BRInternetIpUtils.java, line(s) 28,93 com/bairuitech/anychat/videobanksdk/common/basicutils/BRLogUtils.java, line(s) 22,95,35,43,50,57,77,83 com/bairuitech/anychat/videobanksdk/common/basicutils/BRScreenManagerUtils.java, line(s) 23,35,44,59,114 com/bairuitech/anychat/videobanksdk/common/basicutils/BRTimeUtils.java, line(s) 22,58,71,86,103,123,141,162 com/bairuitech/anychat/videobanksdk/common/basicutils/encrypt/BRBase64BitmapUtil.java, line(s) 35,44,58,71,98,107,121,134,148 com/bairuitech/anychat/videobanksdk/common/dialog/loading/BRLoadingDialog.java, line(s) 73 com/bairuitech/anychat/videobanksdk/common/login/BRLoginModule.java, line(s) 57 com/bairuitech/anychat/videobanksdk/common/permission/CscPermissionUtils.java, line(s) 33,43,50 com/bairuitech/anychat/whiteboard/AnyChatScreenShotHelper.java, line(s) 84,181,310,318,322 com/github/barteksc/pdfviewer/PDFView.java, line(s) 595,818,932 com/github/barteksc/pdfviewer/RenderingHandler.java, line(s) 77 com/github/barteksc/pdfviewer/link/DefaultLinkHandler.java, line(s) 29 com/networkbench/nbslens/nbsnativecrashlib/c.java, line(s) 18,23,48,53,28,33,8,13,38,43 com/shockwave/pdfium/PdfiumCore.java, line(s) 41,33,235,241 d/a.java, line(s) 86 e1/a.java, line(s) 156,161,168,172,184,192 e3/d.java, line(s) 36,35,64,82,65,83 e3/i.java, line(s) 59,60 e3/j.java, line(s) 214,215,226 e3/m.java, line(s) 63,70,64,71 g/f.java, line(s) 144,181,193,203,368 g0/b.java, line(s) 85,153 h3/g.java, line(s) 482,22,345,367 i/a0.java, line(s) 125,134,219,256 i/b1.java, line(s) 22 i/h.java, line(s) 40,49 i/i.java, line(s) 142 i/j0.java, line(s) 426,181,186,193,338,409 i/l0.java, line(s) 106 i/m0.java, line(s) 45,60,88 i/p0.java, line(s) 100,123,199,213 i/q0.java, line(s) 31 i/v.java, line(s) 92,121,126,131 i/v0.java, line(s) 105,121,127 i/y0.java, line(s) 102,176 i0/b.java, line(s) 500,522 i3/h.java, line(s) 41,91,92,42 k0/e.java, line(s) 32 k0/f.java, line(s) 67 k0/h.java, line(s) 28 l2/h.java, line(s) 80,105,113 l2/j.java, line(s) 34 l2/k.java, line(s) 64,73 m0/h.java, line(s) 24 m2/a.java, line(s) 215 m3/a.java, line(s) 47,48 n0/c.java, line(s) 48,53 n0/d.java, line(s) 36 n0/e.java, line(s) 56 n0/f.java, line(s) 43 n0/g.java, line(s) 55,263 n0/l.java, line(s) 76 n2/d.java, line(s) 176,203,173,202 n2/e.java, line(s) 94,115,132,93,114,131 o/e.java, line(s) 51,77,96,123 o/f1.java, line(s) 26 o/g1.java, line(s) 77 o/i.java, line(s) 158 o/j1.java, line(s) 278,27 o/m.java, line(s) 66,79,92,155,169,184 o/o0.java, line(s) 128 o/p0.java, line(s) 95,161,174,178,182,185,201,242,254,287,292,302,318,341,387,392,413,455,579,120,346,418,427,539,576,75 o/s.java, line(s) 302,305,479,527,529,655,865,144,298,312,332,608,764,44 o/u.java, line(s) 20 o/x0.java, line(s) 14 o/z.java, line(s) 27 o0/a.java, line(s) 31,40,58,67 o0/e.java, line(s) 27,59,117 p2/b.java, line(s) 69,68 p2/j.java, line(s) 95,137,94,136,140,146,152,149,153 p2/l.java, line(s) 52,51 q/f.java, line(s) 38,49,56 q0/b.java, line(s) 19 q0/c.java, line(s) 22 q2/a.java, line(s) 28,27 q2/b.java, line(s) 94,93 r/a1.java, line(s) 79,103 r/f0.java, line(s) 705,363,75,436 r/h0.java, line(s) 10 r/i0.java, line(s) 17 r/o.java, line(s) 65 r/q1.java, line(s) 265,277,124,268 r/r.java, line(s) 23 r/s.java, line(s) 117 r/v0.java, line(s) 224 r/y0.java, line(s) 66,61 r/z.java, line(s) 45 r/z0.java, line(s) 23 r2/a0.java, line(s) 45,46 r2/j.java, line(s) 516,132,227,515,344 r2/k.java, line(s) 131,132 r2/m.java, line(s) 18,163 r2/r.java, line(s) 145 s/a1.java, line(s) 79,99 s/g1.java, line(s) 42 s/o.java, line(s) 23 s/p.java, line(s) 72,12 s/x.java, line(s) 64,90,126,132,10 s2/i.java, line(s) 149,182,150,183 s2/j.java, line(s) 56,68,155,203,55,67,103,106,113,151,167,173,190,202,205,104,114,136,171,191 t/a.java, line(s) 12,7 t/b.java, line(s) 84 t0/b.java, line(s) 15 t2/d.java, line(s) 36,45,68,99,37,69,46,100 t2/i.java, line(s) 91,76 u0/b.java, line(s) 42 u0/f.java, line(s) 31,44,91,153,200,217,241 u0/q.java, line(s) 20,31 u0/w.java, line(s) 42,54,61,70 u2/a.java, line(s) 77,76 v/i.java, line(s) 73 v2/c.java, line(s) 44,43 v2/e.java, line(s) 100,99 v2/s.java, line(s) 85,86 v2/t.java, line(s) 40,39 w/c.java, line(s) 102 w0/e.java, line(s) 29,38 x/a.java, line(s) 60 y2/g.java, line(s) 20,25,21,28 y2/h.java, line(s) 169,191,199,224,251,258,168,190,198,219,230,240,245,249,253 y2/k.java, line(s) 33,63,38,68 y2/o.java, line(s) 58,59 y2/r.java, line(s) 72,81,88,73,82,89,90,91,94
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: cn/cloudwalk/util/RootUtil.java, line(s) 237,242,249,249,252,252 com/networkbench/nbslens/nbsnativecrashlib/n.java, line(s) 50,50,50,50,50
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: v4/u.java, line(s) 174,173,182,172,172
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (cdns.chinastock.com.cn) 通信。
{'ip': '118.253.173.183', 'country_short': 'CN', 'country_long': '中国', 'region': '湖南', 'city': '怀化', 'latitude': '27.549440', 'longitude': '109.959167'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (im.chinastock.com.cn) 通信。
{'ip': '219.143.246.9', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (webtrade.chinastock.com.cn) 通信。
{'ip': '218.30.180.39', 'country_short': 'CN', 'country_long': '中国', 'region': '-', 'city': '-', 'latitude': '39.907501', 'longitude': '116.397232'}